Date: Fri, 28 Apr 2006 16:49:44 -0400
From: "Matthew McGehrin" <mcgehrin@reverse.net>
To: <ipfw@freebsd.org>
Subject: Re: IPTABLES to IPFW for Packet Inspection Filtering
Message-ID: <000601c66b05$47e0c840$af00a8c0@orange>
References: <OFBD7BBE12.3AD0268B-ON8525715E.005548F1-8525715E.00561E4E@zbi.com> <44526C7C.10208@bonddesk.com>

Perhaps a transparent squid proxy. Redirect the http requests to squid, and
then block the sites there.

17. Interception Caching/Proxying
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html

----- Original Message -----
From: "Corey Smith" <csmith@bonddesk.com>
To: "Daniel Walker" <dwalker@zbi.com>
Cc: <ipfw@freebsd.org>; "vladone" <vladone@spaingsm.com>
Sent: Friday, April 28, 2006 3:26 PM
Subject: Re: IPTABLES to IPFW for Packet Inspection Filtering

> Daniel Walker wrote:
>> IPTABLES allows for string matching. IPFW does not. I'll have to fire
>> up my Ubuntu to do this.
> AFAIK String match deny processing should be done using divert(4) sockets
> like natd. You use IPFW to divert outgoing DNS requests to your natd-like
> (userland) process. This process determines whether or not it contains
> your string and blocks the request/response if it does.
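
Added example (not part of the original thread): the divert(4) approach described in the quoted reply comes down to a userland process that reads each diverted packet, decides, and writes back only the packets it allows. The C function below is one way to make that decision for DNS queries; the function name, the lowercase-substring match, the fail-closed handling of malformed names and the sample packet are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict for one raw IPv4 packet as read from a divert socket:
 * 1 = drop (do not write it back), 0 = re-inject unchanged.
 * needle must be lowercase. Hypothetical helper, not from the thread. */
int dns_query_blocked(const uint8_t *pkt, size_t len, const char *needle)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || pkt[9] != 17 || len < ihl + 20) return 0; /* UDP hdr 8 + DNS hdr 12 */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return 0;     /* not the first fragment */
    const uint8_t *udp = pkt + ihl, *dns = udp + 8;
    if (((udp[2] << 8) | udp[3]) != 53) return 0;             /* not to the DNS port */
    if (((dns[4] << 8) | dns[5]) == 0) return 0;              /* QDCOUNT == 0 */
    char name[256];
    size_t off = ihl + 20, n = 0;
    while (off < len && pkt[off] != 0) {                      /* walk QNAME labels */
        size_t l = pkt[off++];
        if (l > 63 || off + l > len || n + l + 1 >= sizeof name)
            return 1;               /* pointer, truncated or oversized: fail closed */
        for (size_t i = 0; i < l; i++)
            name[n++] = (char)tolower(pkt[off + i]);
        name[n++] = '.';
        off += l;
    }
    if (off >= len) return 1;       /* no terminating root label: fail closed */
    name[n] = '\0';
    return strstr(name, needle) != NULL;
}

/* Constructed sample: UDP query for www.Example.com, checksums left zero. */
static const uint8_t sample[] = {
    0x45,0,0,61, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,53,
    0xc0,0, 0,53, 0,41, 0,0,
    0x12,0x34, 1,0, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 7,'E','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1
};

int main(void)
{
    int drop = dns_query_blocked(sample, sizeof sample, "example");
    printf("www.Example.com vs \"example\": %s\n", drop ? "drop" : "pass");
    return 0;
}
```

In a divert daemon this function would sit between the recvfrom() that reads a packet from the divert socket and the sendto() that re-injects it; a packet that is never written back is dropped.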